The word ‘governance’ sends many middle-market businesses cowering. For start-ups, it sounds like something that will constrain innovation and fast decision-making. For small family businesses, it seems like expensive overkill. For entrepreneurs with a strong vision, it appears too bureaucratic and stifling.

All good businesses should have appropriate layers of governance, whatever their size or the stage of their lifecycle. It is therefore essential that mid-market businesses understand and embrace the concept. But how can you make ‘governance’ appealing to your clients? Is there a way to transform ‘governance’ from being perceived as a tool of restraint, to being considered a nimble mode of thinking that encourages curiosity and sparks action? We believe there is.

Our approach is to encourage clients to ask the simple question, “how do you know…?”, in order to interrogate the efficacy of policies, procedures and processes, and address these if they are found to be lacking.

From governance to “how do you know…?”

Governance encompasses systems and processes, the segregation of duties, who has authority to act in different circumstances, how people operate and how risks are identified and managed. For business owners, it forms the solid foundation that keeps day-to-day operations on track and above board, and allows them to be proactive rather than reactive when faced with challenges.

Your clients are unlikely to ask you to check if they have a robust system of governance. Instead, they may ask if you think they’re at risk of cyberattack, whether their staff superannuation is being properly dealt with, or if they are doing something that may risk their compliance obligations. All these matters fall under the remit of ‘governance’; but by approaching these issues from the perspective ‘how do you know?’, clients are more likely to engage, and find the motivation to address issues.

The answer to this question will draw out clients’ concerns, what it is that is keeping them awake at night, or should be, and naturally shape a business owners’ next steps.

Examples of scenarios which may emerge from the “how do you know…?” approach include:

How do you know… Ideal response
…you are ready to respond to a cyberattack?
  • We have a crisis management strategy, and a crisis response team who have been trained to respond in the event of a cyberattack;
  • We’ve outsourced all of our IT systems support to a high-quality services provider; or
  • We have a manual backup procedure that will ensure we can continue to manufacture and deliver on time.
…you are compliant with your regulations?
  • We’ve independently reviewed our payroll system to ensure it reflects the current EBA; or
  • Our auditors have been asked to specifically look at this and advise us of any weaknesses in our systems or areas or risks of non-compliance.
…you haven’t left yourself open to internal fraud or theft?
  • We have strong Masterfile controls that report any changes to customer or supplier details, and these are independently checked; or
  • We ensure all key personnel take leave, and there is someone else trained in their job.

Cultivating a culture of curiosity

The cornerstone of good corporate governance is culture. In the context of redefining governance using the question ‘how do you know…?’, business owners and managers will be constantly curious about the activities and actions of the people around them. They will ask themselves how do they know if they have the right systems and processes in place to enable good people to make really good decisions. Cultivating an attitude of curiosity will also foster a culture of openness, responsibility and accountability in their organisations. People at all levels of a business impact its success, so it is important that as a business owner or manager, your clients are not just asking their management ‘how do you know?’, but querying all staff about their ways of working, their knowledge of company policy and procedures, and their preparedness to respond to the firm’s unique challenges.

Trust and transparency

Asking ‘how do you know…?’ can only be an effective mechanism for governance if your clients trust that their management, board, staff, investors or co-owners will give them accurate and complete information in answer to the question. Encourage your clients to work hard in order to build solid relationships at all levels of the business. As business owners and managers, they should aim to establish clear channels of communication, set parameters for performance and make staff accountable for their areas of the business, in order to have faith that they will openly and honestly answer their questions – even if their staff don’t know the answer or know the answer is not what the boss wants to hear!

The impact of good governance is a client that:

  • Can clearly articulate their mission and values
  • Has a culture that is supportive, open and honest at all levels of the business
  • Is attracting the right staff, clients and suppliers
  • Has a clear strategy
  • Can identify both their short-term and long-term goals
  • Has the right people, with the right skills, in the right roles
  • Can receive from their staff value, quality and complete information

Case Study

A recent client experience involved a not for profit board that was frustrated that the CEO wasn’t bringing any new initiatives forward for consideration. It became evident after some private conversations that the CEO felt bullied by one senior director. After a number of failed attempts at initiating change, the CEO stopped trying rather than continually being frustrated and humiliated in meetings. In this instance, a change in directors had a dramatic and almost instant positive impact once trust had been restored.

When you don’t know

What should businesses do when the answer is: “I don’t know” or “Actually, I’ve just realised I’m completely unprepared / noncompliant / unorganised!”

This is a real opportunity for you to step in and provide experienced based recommendations and solutions.  From our experience, once a client themselves has identified a risk or concern they are very open to advice on remedial action.

We are seeing increasing numbers of cases of:

  • Payroll errors impacting brand, reputation and staff morale because base rates and Masterfile data hadn’t been properly checked or understood for some years, particularly where there are complex EBA’s or awards in place;
  • Industry segments such as retail and hospitality where in almost every case we see non-compliance with basic award or EBA conditions, sometimes on purpose, more often by accident;
  • Internet frauds leading to very large and sometimes business threatening payments being diverted and funds not capable of being recovered, and also not covered due to inadequate insurance policies; and
  • “Trusted employees” who haven’t taken extended leave for some time stealing significant cash sums from their employers, leaving owners and staff shocked and demoralised by their actions.

Case Study

Boards and remote owners are totally reliant on management being honest in their communications and reporting.  One recent client Board was forced into seeking an urgent cash injection when they became aware (via tax office demand notices arriving in their home letterboxes) that the ‘trusted CFO’ was managing cash shortfalls by using the ATO as a banker of last resort.  Up until then his response when queried was that everything was in order and all obligations were up to date.

Supporting your clients

In order to support your clients to establish good governance, make the time, or find an opportunity, to talk with them about areas of risk, such as:

  • data integrity and access;
  • cyber security;
  • internet banking frauds;
  • internal systems reviews;
  • adequacy of their systems of internal control; and/or
  • segregation of duties.

Draw examples from your own experience, or from the numerous articles appearing in almost every daily newspaper, to provide examples of the risks inherent in not paying close attention to these issues.

These discussions with clients should lead to conversations where they seek your assistance to:

  • Undertake a thorough review of the internal controls around one or more key systems, such as:
    • payroll;
    • banking and accounts payable; and
    • credit refunds on accounts receivable.
  • Get advice from an expert (you) on risk mitigation strategies
  • Outsource responsibility for IT infrastructure or internal audit